diff options
| author |   Anthony G. Basile <basile@opensource.dyc.edu> | 2010-05-21 07:13:49 -0400 |
|---|---|---|
| committer | Anthony G. Basile <basile@opensource.dyc.edu> | 2010-05-21 07:13:49 -0400 |
| commit | 45460c3ed1d0d4dfd65e7b0d76bf1199b2727b1e (patch) | |
| tree | 5e1d55ed6093cf0cc63b2b34ac3d06c0f3475acb | |
| parent | Updated Grsec/PaX to 2.1.14-2.6.32.13-201005151340 for kernel 2.6.32.13 (diff) | |
| download | hardened-patchset-45460c3ed1d0d4dfd65e7b0d76bf1199b2727b1e.tar.gz hardened-patchset-45460c3ed1d0d4dfd65e7b0d76bf1199b2727b1e.tar.bz2 hardened-patchset-45460c3ed1d0d4dfd65e7b0d76bf1199b2727b1e.zip | |
Added patch to remove "protected kernel image paths" from grsecurity/Makefile
| -rw-r--r-- | kernel/2.6.32/4423_grsec-remove-protected-paths.patch | 20 | ||||
| -rw-r--r-- | kernel/distfiles/hardened-patches-2.6.32-10.extras.tar.bz2 | bin | 0 -> 338440 bytes | |||
| -rw-r--r-- | kernel/hardened-patches-2.6.32-10.extras.tar.bz2 | bin | 338167 -> 0 bytes |
3 files changed, 20 insertions, 0 deletions
diff --git a/kernel/2.6.32/4423_grsec-remove-protected-paths.patch b/kernel/2.6.32/4423_grsec-remove-protected-paths.patch new file mode 100644 index 0000000..9c0fd88 --- /dev/null +++ b/kernel/2.6.32/4423_grsec-remove-protected-paths.patch @@ -0,0 +1,20 @@ +From: Anthony G. Basile <basile@opensource.dyc.edu> + +We don't want to allow GRSEC's Makefile to change permissions on +paths in the filesystem. + +--- a/grsecurity/Makefile 2010-05-21 06:52:24.000000000 -0400 ++++ b/grsecurity/Makefile 2010-05-21 06:54:54.000000000 -0400 +@@ -22,8 +22,8 @@ + ifdef CONFIG_GRKERNSEC_HIDESYM + extra-y := grsec_hidesym.o + $(obj)/grsec_hidesym.o: +- @-chmod -f 500 /boot +- @-chmod -f 500 /lib/modules +- @-chmod -f 700 . +- @echo ' grsec: protected kernel image paths' ++ # @-chmod -f 500 /boot ++ # @-chmod -f 500 /lib/modules ++ # @-chmod -f 700 . ++ # @echo ' grsec: protected kernel image paths' + endif diff --git a/kernel/distfiles/hardened-patches-2.6.32-10.extras.tar.bz2 b/kernel/distfiles/hardened-patches-2.6.32-10.extras.tar.bz2 Binary files differnew file mode 100644 index 0000000..e46de2d --- /dev/null +++ b/kernel/distfiles/hardened-patches-2.6.32-10.extras.tar.bz2 diff --git a/kernel/hardened-patches-2.6.32-10.extras.tar.bz2 b/kernel/hardened-patches-2.6.32-10.extras.tar.bz2 Binary files differdeleted file mode 100644 index 96e1bb2..0000000 --- a/kernel/hardened-patches-2.6.32-10.extras.tar.bz2 +++ /dev/null |